Network Security News – Sunday, April 30, 2006 Events
IRIX LicenseManager NETLS_LICENSE_FILE Privilege Escalation
IRIX contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an attacker with a local system account uses LicenseManager to manipulate root-owned files to gain root privileges. This flaw may lead to a loss of integrity. Read more at osvdb.org/897
Leadhound agent_commission_statement.pl agent_id Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'agent_id' variable upon submission to the agent_commission_statement.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25044
Leadhound agent_campaign.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_campaign.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25058
Leadhound modify_agent_1.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the modify_agent_1.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25036
Leadhound modify_agent.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the modify_agent.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25038
Leadhound members.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the members.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25035
Leadhound agent_camp_sub.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_sub.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25055
Leadhound lost_pwd.pl Password Field XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the Lost Password field upon submission to the lost_pwd.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25050
Leadhound agent_transactions_csv.pl sub Variable SQL Injection
Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_transactions_csv.pl script not properly sanitizing user-supplied input to the 'sub' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25024
Leadhound agent_camp_notsub.pl Multiple Variable XSS
Leadhound contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_notsub.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25059
Vuln: I-RATER Platinum Config_settings.TPL.PHP Remote File Include Vulnerability
I-RATER Platinum Config_settings.TPL.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/17731
Vuln: CoolMenus Index.PHP Remote File Include Vulnerability
CoolMenus Index.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/17738
Vuln: Linux Orinoco Driver Remote Information Disclosure Vulnerability
Linux Orinoco Driver Remote Information Disclosure Vulnerability. Read more at securityfocus.com/bid/15085
Vuln: PostNuke Multiple Cross-Site Scripting Vulnerabilities
PostNuke Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/17743
W-Agora 4.20 XSS
W-Agora 4.20 XSS. Read more at securityfocus.com/archive/1/432457
TextFileBB 1.0.16 Multiple XSS
TextFileBB 1.0.16 Multiple XSS. Read more at securityfocus.com/archive/1/432461
Re: Recent Oracle exploit is _actually_ an 0day with no patch
Re: Recent Oracle exploit is _actually_ an 0day with no patch. Read more at securityfocus.com/archive/1/432456
RE: Recent Oracle exploit is _actually_ an 0day with no patch
RE: Recent Oracle exploit is _actually_ an 0day with no patch. Read more at securityfocus.com/archive/1/432399